You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by ram <ra...@netcore.co.in> on 2007/10/22 10:59:10 UTC
spamassassin conditional rules
Can I have multiple custom rules and evaluate some rules depending on
results from others
Basically I have different domains and each domain recieves different
kind of spam. I wish to let domain administrators manage rules for
themselves , but without increasing the load on SA
For eg a rule might be
header __TO_CC_PHARMA_COMPANY ToCc =~ /\@pharmacompany.com\b/i
if( __TO_CC_PHARMA_COMPANY ) { ######## How to do this ????
body ALLOW_MEDS /viagra/
descibe this company recieves such legal mails , so give a negative
score to offset the others
score ALLOW_MEDS -2
} ######### end if
Thanks
Ram
Re: spamassassin conditional rules
Posted by Matthias Leisi <ma...@leisi.net>.
> ram wrote:
>> header __TO_CC_PHARMA_COMPANY ToCc =~ /\@pharmacompany.com\b/i
>>
>> if( __TO_CC_PHARMA_COMPANY ) { ######## How to do this ????
>> body ALLOW_MEDS /viagra/
>> descibe this company recieves such legal mails , so give a negative
>> score to offset the others
>> score ALLOW_MEDS -2
>> } ######### end if
>>
>
> To get the functionality you want, you'd use a meta rule instead..
>
> header __TO_CC_PHARMA_COMPANY ToCc =~ /\@pharmacompany.com\b/i
>
> body __HAS_VWORD /viagra/
>
> meta ALLOW_MEDS ( __HAS_VWORD && __TO_CC_PHARMA_COMPANY)
> score ALLOW_MEDS -2
Which is not actually what the OP is looking for, since in your example,
the body rule would need to be evaluated at a certain cost. For efficiency
reasons, the OP would like to evaluate some rules only if some condition
is met.
AFAICS, the OPs request is not possible out of the box. A workaround would
be to set up two different instances of SA, each with it's own set of
configurations etc (incl. Bayes and other data files!), and the MTA
forwarding mails to one or the other SA instance depending on the RCPT TO
domain.
IMO this is a valid request, although the best method of implementation
may need some evaluation.
-- Matthias
Re: spamassassin conditional rules
Posted by Matt Kettler <mk...@verizon.net>.
ram wrote:
>>>
>>>
>> Really? It's that bad to add a single, very simple, body regex? Have you
>> looked at how many body regexes the stock SA configuration runs? Have
>> you looked at how many are hundreds of times more complex, just by
>> themselves?
>>
>>
>> For example 20_drugs.cf contains:
>>
>> body __DRUGS_ERECTILE1
>> /(?:\b|\s)[_\W]{0,3}(?:\\\/|V)[_\W]{0,3}[ij1!|l\xEC\xED\xEE\xEF][_\W]{0,3}[a40\xE0-\xE6@][_\W]{0,3}[xyz]?[gj][_\W]{0,3}r[_\W]{0,3}[a40\xE0-\xE6@][_\W]{0,3}x?[_\W]{0,3}(?:\b|\s)/i
>>
>>
>>
>> And question, are you really trying to do this as a whitelist, or are
>> you trying to compensate for the score of one of the standard rules? If
>> you're trying to compensate for a standard rule, you can use it, rather
>> than your own... That way you're not adding any extra regexes, other
>> than the__TO_CC_PHARMA_COMPANY, which is unavoidable to do what you want.
>>
>>
>
>
> Yes but I would want to give an interface to the customer to manage that
> himself. And he cant be expected to know DRUGS_ERECTILE. But he surely
> knows his mails come with viagra or with easy-home-loans
>
> With very little training the admin can himself whitelist words and
> compensate for FP's himself
>
>
>> For example, you could do:
>>
>> meta ALLOW_MEDS (__TO_CC_PHARMA_COMPANY && DRUGS_ERECTILE)
>>
>> The meta rule itself is processor-wise quite cheap.
>>
>
>
> Cheap ok , but until when. How many on such domain specific rules will
> my shared servers support. I dont think this can scale.
>
It will scale better than your suggestion of trying to inhibit rule
loading at runtime.
> Ok so IF-THEN-ELSE rules are not available in SA. Probably that was well
> thought of too. But I think that would be a good feature to have ,
> especially for creating domain specific rules if not have any other
> application
>
Why? It doesn't scale well because it would force re-parsing rules at
runtime. Urgh!
> Thanks
> Ram
>
>
>
>
>
>
>
Re: spamassassin conditional rules
Posted by ram <ra...@netcore.co.in>.
> >
> Really? It's that bad to add a single, very simple, body regex? Have you
> looked at how many body regexes the stock SA configuration runs? Have
> you looked at how many are hundreds of times more complex, just by
> themselves?
>
>
> For example 20_drugs.cf contains:
>
> body __DRUGS_ERECTILE1
> /(?:\b|\s)[_\W]{0,3}(?:\\\/|V)[_\W]{0,3}[ij1!|l\xEC\xED\xEE\xEF][_\W]{0,3}[a40\xE0-\xE6@][_\W]{0,3}[xyz]?[gj][_\W]{0,3}r[_\W]{0,3}[a40\xE0-\xE6@][_\W]{0,3}x?[_\W]{0,3}(?:\b|\s)/i
>
>
>
> And question, are you really trying to do this as a whitelist, or are
> you trying to compensate for the score of one of the standard rules? If
> you're trying to compensate for a standard rule, you can use it, rather
> than your own... That way you're not adding any extra regexes, other
> than the__TO_CC_PHARMA_COMPANY, which is unavoidable to do what you want.
>
Yes but I would want to give an interface to the customer to manage that
himself. And he cant be expected to know DRUGS_ERECTILE. But he surely
knows his mails come with viagra or with easy-home-loans
With very little training the admin can himself whitelist words and
compensate for FP's himself
>
> For example, you could do:
>
> meta ALLOW_MEDS (__TO_CC_PHARMA_COMPANY && DRUGS_ERECTILE)
>
> The meta rule itself is processor-wise quite cheap.
Cheap ok , but until when. How many on such domain specific rules will
my shared servers support. I dont think this can scale.
Ok so IF-THEN-ELSE rules are not available in SA. Probably that was well
thought of too. But I think that would be a good feature to have ,
especially for creating domain specific rules if not have any other
application
Thanks
Ram
Re: spamassassin conditional rules
Posted by Matt Kettler <mk...@verizon.net>.
ram wrote:
>>>
>>>
>> You don't do it as a "conditional" rule.. Any "conditional" rule
>> structured that way would be something like an ifplugin, which would
>> inhibit it from loading the rule when the file is read, before scanning
>> the message.
>>
>> To get the functionality you want, you'd use a meta rule instead..
>>
>> header __TO_CC_PHARMA_COMPANY ToCc =~ /\@pharmacompany.com\b/i
>>
>> body __HAS_VWORD /viagra/
>>
>> meta ALLOW_MEDS ( __HAS_VWORD && __TO_CC_PHARMA_COMPANY)
>> score ALLOW_MEDS -2
>>
>>
>
> I am already doing this , But I see it does not scale
> This would work but every message that passes spamassassin would fo thru
> __HAS_VWORD even if it were not for pharmacompany.com
>
Yes. SA will run the __HAS_VWORD rule.
There's no way in spamassassin to on-the-fly disable rules during a
message scan, except the short-circuit feature.
> Now I have 2000 domain administrators and if all of them were allowed
> to use this "feature", I am sure my SA boxes will cry
>
Really? It's that bad to add a single, very simple, body regex? Have you
looked at how many body regexes the stock SA configuration runs? Have
you looked at how many are hundreds of times more complex, just by
themselves?
For example 20_drugs.cf contains:
body __DRUGS_ERECTILE1
/(?:\b|\s)[_\W]{0,3}(?:\\\/|V)[_\W]{0,3}[ij1!|l\xEC\xED\xEE\xEF][_\W]{0,3}[a40\xE0-\xE6@][_\W]{0,3}[xyz]?[gj][_\W]{0,3}r[_\W]{0,3}[a40\xE0-\xE6@][_\W]{0,3}x?[_\W]{0,3}(?:\b|\s)/i
And question, are you really trying to do this as a whitelist, or are
you trying to compensate for the score of one of the standard rules? If
you're trying to compensate for a standard rule, you can use it, rather
than your own... That way you're not adding any extra regexes, other
than the__TO_CC_PHARMA_COMPANY, which is unavoidable to do what you want.
For example, you could do:
meta ALLOW_MEDS (__TO_CC_PHARMA_COMPANY && DRUGS_ERECTILE)
The meta rule itself is processor-wise quite cheap.
Re: spamassassin conditional rules
Posted by ram <ra...@netcore.co.in>.
> >
> You don't do it as a "conditional" rule.. Any "conditional" rule
> structured that way would be something like an ifplugin, which would
> inhibit it from loading the rule when the file is read, before scanning
> the message.
>
> To get the functionality you want, you'd use a meta rule instead..
>
> header __TO_CC_PHARMA_COMPANY ToCc =~ /\@pharmacompany.com\b/i
>
> body __HAS_VWORD /viagra/
>
> meta ALLOW_MEDS ( __HAS_VWORD && __TO_CC_PHARMA_COMPANY)
> score ALLOW_MEDS -2
>
I am already doing this , But I see it does not scale
This would work but every message that passes spamassassin would fo thru
__HAS_VWORD even if it were not for pharmacompany.com
Now I have 2000 domain administrators and if all of them were allowed
to use this "feature", I am sure my SA boxes will cry
Thanks
Ram
Re: spamassassin conditional rules
Posted by Matt Kettler <mk...@verizon.net>.
ram wrote:
> Can I have multiple custom rules and evaluate some rules depending on
> results from others
>
>
> Basically I have different domains and each domain recieves different
> kind of spam. I wish to let domain administrators manage rules for
> themselves , but without increasing the load on SA
>
>
>
> For eg a rule might be
>
> header __TO_CC_PHARMA_COMPANY ToCc =~ /\@pharmacompany.com\b/i
>
> if( __TO_CC_PHARMA_COMPANY ) { ######## How to do this ????
> body ALLOW_MEDS /viagra/
> descibe this company recieves such legal mails , so give a negative
> score to offset the others
> score ALLOW_MEDS -2
> } ######### end if
>
You don't do it as a "conditional" rule.. Any "conditional" rule
structured that way would be something like an ifplugin, which would
inhibit it from loading the rule when the file is read, before scanning
the message.
To get the functionality you want, you'd use a meta rule instead..
header __TO_CC_PHARMA_COMPANY ToCc =~ /\@pharmacompany.com\b/i
body __HAS_VWORD /viagra/
meta ALLOW_MEDS ( __HAS_VWORD && __TO_CC_PHARMA_COMPANY)
score ALLOW_MEDS -2
>
>
>
Re: spamassassin conditional rules
Posted by Per Jessen <pe...@computer.org>.
ram wrote:
> Can I have multiple custom rules and evaluate some rules depending on
> results from others
>
> Basically I have different domains and each domain recieves different
> kind of spam. I wish to let domain administrators manage rules for
> themselves , but without increasing the load on SA
I maintain separate SA rulesets per domain - these are then included by
spamd on top of the default set.
/Per Jessen, Zürich